Every profession has its own “shorthand” for commonly-used terms and expressions, and IT is no exception. As an IT decision-maker, here are 18 key cybersecurity and networking terms you may have heard but didn’t exactly know what they meant (until now)!
Antivirus and Antimalware
Antivirus and antimalware programs are the first line of cybersecurity defense. They are designed to bar malicious actors from entering a system through files and downloads by checking for known threats from a database and taking automatic quarantine actions if it detects one of them.
Antivirus and antimalware are designed to search, detect, and remove software viruses and malware from accessing your system. Today, malware is more prevalent than viruses. The terms are often used interchangeably, though there are subtle differences between the two.
Application Allowlisting
Most environments today are “allow everything.” Allowlisting changes that to “deny everything – allow what you need.”
Application allowlisting is a security layer with a twist – rather than letting an application run and then blocking it if something malicious is discovered, it only allows access to applications that are explicitly permitted (allowlisted) to run on your network. This helps prevent any malicious access to the network through an unrecognized program, installer, malware or ransomware.
This tool is a key part of a zero-trust cybersecurity approach, which assumes that everything – people, applications and devices — poses a risk to your network.
Desktop Computer
The computer is the box that sits either on or under your desk. The computer contains the hard drive that holds the operating system. If you’re asked to turn off the computer, make sure it’s the button on that box, not the button on your monitor or other peripherals that may be connected to your computer.
Endpoint Detection and Response (EDR)
EDR tools add an advanced layer to antivirus and antimalware. EDR tools hunt for as-yet-unknown threats—those that get past the perimeter—by detecting and analyzing suspicious behaviors, otherwise known as indicators of compromise (IOCs).
EDR tools monitor and log behaviors on endpoints (desktops, laptops, phones, etc.) around the clock for evidence of threats, perform automatic actions to help mitigate them, and alert security professionals so they can investigate and respond.
Firewall
A firewall is a hardware device that helps protect your network by managing all traffic going into and coming out of your private network. Based on settings, it filters network traffic to block unauthorized access, including from malicious actors, while allowing legitimate access to authorized users and applications.
Internet Protocol (IP) Address
An IP address is the unique identifying number assigned to every device that is connected to the internet. Computers use IP addresses to communicate over the internet or via local networks. Every device with an internet connection has an IP address, including computers, laptops, smart devices like doorbells and home appliances, and even toys.
IP addresses identify the network interface of a device and can also reveal information about a device’s general location, such as country, state, city or postal region. IP addresses can be public or private.
Managed Detection and Response (MDR)
Managed Detection and Response (MDR) is a cybersecurity service that combines technology with human expertise to rapidly identify and limit the impact of threats by performing threat hunting, monitoring, and response. The main benefit of MDR is that it quickly helps in limiting the impact of threats without the need for additional staffing, which can be costly.
MDR remotely monitors, detects, and responds to threats detected within your organization. An endpoint detection and response (EDR) tool typically provides the necessary visibility into security events on the endpoint.
Relevant threat intelligence, advanced analytics, and forensic data are passed to experienced human analysts, who perform triage on alerts and determine the appropriate response to reduce the impact and risk of positive incidents. Finally, through a combination of human and machine capabilities, the threat is removed.
Multi-Factor Authentication (MFA)
MFA (also called two-factor authentication, or 2FA), requires an additional proof of identity, other than a username and password, when you sign in to a device or application. Authentication methods include receiving a code via text message or using an authenticator app on your phone that generates a code.
This extra step creates a roadblock that may make a cybercriminal more likely to move on to the next target. Given a choice of SMS or app-based MFA, app-based is better.
Password Manager
A password manager allows a user to easily access and populate passwords by remembering only one master password.
It helps protect users from accessing a potentially dangerous website due to a typo (the password is tied to a URL), access passwords if their primary machine is disabled, and assign passwords to other password manager users. The company can also assign a former employee’s password vault to someone else or access an individual user’s vault in case of an emergency or resignation.
Patches
Software patches fix bugs and optimize software. More importantly, they fix security vulnerabilities that can be exploited by cybercriminals. Keeping patches current by applying them within 30 days at the latest is crucial to keeping your systems more secure.
Restart
Trying to troubleshoot an issue with your computer? Try restarting it! In general, restarting your computer stops all system processes and restarts the system from scratch. A restart can apply updates, clear memory for improved performance, close background processes you don’t need, and even fix internet connection issues.
“Restart” is not the same as “Shut down”, so if you’re asked to restart your machine make sure you choose the right option.
Router
Routers are hardware devices that connect multiple switches and their networks to form a larger network, which can be in a single location or across multiple locations. Routers also connect devices to the internet. They forward data packets between computer networks, allowing several devices to share a single internet connection. Routers control traffic to ensure that data packets pass through the most efficient paths to their destination.
Just as a switch connects multiple devices to create a network, a router connects multiple switches, and their respective networks, to form an even larger network. These networks may be in a single location or across multiple locations. When building a small business network, you will need one or more routers.
Softphone
A softphone is a software-based phone that allows users to make and receive phone calls over the internet using a computer or smartphone. Softphones mimic the functionality of a traditional phone system without the physical hardware of a desk phone and include additional useful features like video calling and team messaging.
Switch
Switches are hardware devices that connect devices within a network, like computers, printers, and servers, so they can share information and communicate with each other. Switches are used in local area networks (LANs), like home Wi-Fi networks. They process data via packet switching including receiving it, processing it, and sending it to the intended device. Switches have multiple ports (4 to 52 ports) for devices to communicate within the LAN.
Virtual Local Area Network (VLAN)
VLANs establish the logical connection of computers, servers, and other network devices into a virtual LAN regardless of their physical locations. They’re created with software so they don’t require additional hardware. They can prioritize data, separate private and public networks, or secure specific devices
Besides being a tool for cybersecurity, VLANs ease network resource management and workflow optimization processes for businesses and organizations.
Virtual Private Network (VPN)
A VPN provides a secure, encrypted connection so users can safely connect to the office network from anywhere.
Vulnerability Testing vs. Penetration Testing
A vulnerability assessment identifies potential weaknesses in a system by scanning for vulnerabilities, while penetration testing actively attempts to exploit those vulnerabilities to assess their severity and potential damage.
Penetration testing will often simulate a real-world attack, essentially showing how a hacker might use vulnerabilities to gain access to a system using technology or social engineering. Penetration testing is a more in-depth and aggressive process than a vulnerability test.
Zero Trust Security Model
The zero-trust security model works on the premise that everything — people, applications and devices — poses a risk to your network and must prove trustworthy before accessing your organization’s network or data. This means every person, application, and device must be authenticated and authorized each time they request access. By insisting on verification and authentication at every step, zero trust makes it difficult for a hacker to gain access through a compromised user account or device.
Zero trust should not be mistaken for a single solution or a platform. You can’t just buy it and implement it with a click of a button. Zero trust cybersecurity is a strategy — a framework that needs to be applied systematically in your organization.
Contact us to learn more about how CRU Solutions can help keep your business IT more secure.